From deviloper at slived.net Thu Sep 11 17:31:29 2008 From: deviloper at slived.net (Deviloper) Date: Thu, 11 Sep 2008 09:31:29 +0200 (CEST) Subject: [netflow-tools] Where can I find the Documentation of the perl API Message-ID: <1564983983.168611221118289486.JavaMail.open-xchange@oxgw02.kundenserver.de> Greetings to all the people on netflow-tools mailinglist! I realized that flowd has all the feature I need for my recent project, apart from any documentation of the APIs. I searched through the package, but couldn?t find anything about the perl API. If anybody has at least a API-description or a recent pod/manpage where the API and its methodes are descripted it would save my day. Thanks a lot, Bo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/netflow-tools/attachments/20080911/57b6f609/attachment.html From deviloper at slived.net Fri Sep 12 00:57:07 2008 From: deviloper at slived.net (Deviloper) Date: Thu, 11 Sep 2008 16:57:07 +0200 (CEST) Subject: [netflow-tools] Where can I find the Documentation of the perl API In-Reply-To: References: <1564983983.168611221118289486.JavaMail.open-xchange@oxgw02.kundenserver.de> Message-ID: <1209495664.191191221145027820.JavaMail.open-xchange@oxgw02.kundenserver.de> Thanks for your reply Jeff! I am using perl for nearly everything, too. But I don?t feel good by poking around in an API I don?t know. (It feels like to scamp on a nuclear warhead to charge my cellphone. If the software crashes I am the on who get fired.) (What I need to do is, reading the flowd files ans further aggregate the date. Because we don?t want to drain to much computing power from ther routers to manage the netflow data.) I found flowinsert.pl, by knowing only a bit about NetFlow, it should work with early versions like v5. (The script is not documented, too.) But using the dynamic template based formats introduced with netflow v9, I guess it is not going to work. Is there somewhere an afford to read the template data of version 9 or is this done automatically by the modul? Thanks, Bo Jeff Saxe hat am 11. September 2008 um 15:53 geschrieben: > Hello, Bo. I don't know if there is a documented Perl API as much as? > you might think. The flowd program sits there and collects data into? > a file; that's a completely independent program sitting around doing? > just one thing. Then every once in a while, you can move aside the? > flowd file being collected, tap flowd on the shoulder with a "USR1"? > signal, and wait for a second or two for it to start a new file. Then? > you can do whatever you like with that freshly-cut-off file. > > If you want to read the data out in human form, you can use flowd- > reader at the command line, possibly augmented with text-based shell? > tools like grep, sort, awk, uniq, etc. But if you want to parse the? > data in some more sophisticated way and do some further analysis,? > then you have the option to read the flowd binary log through either? > Python or Perl. I personally have chosen Perl because I'm very? > comfortable with it (my license plate says "PERL ROX"). So basically? > you run the Makefile.PL process in the README under Flowd-perl, and? > then you can write Perl programs with "use Flowd;" in them. Look at? > the two examples under tools, flowinsert.pl (read lines from flowd,? > lightly modify them, and construct INSERT statements to cram them? > into SQL) and wormsuspects.pl (no SQL involved, just read out of? > flowd log using Perl, construct in-RAM hash in Perl, then read the? > hash and exit, forgetting the hash). Many other strategies are possible. > > Good luck! > > > -- Jeff Saxe, Network Engineer > Blue Ridge InternetWorks, Charlottesville, VA > CCIE # 9376 > 434-817-0707 ext. 2024 (work)? /? 434-882-3508 (cell)? /? ? > JSaxe at briworks.com > > > > On Sep 11, 2008, at 3:31 AM, Deviloper wrote: > > > Greetings to all the people on netflow-tools mailinglist! > > > > I realized that flowd has all the feature I need for my recent? > > project, > > apart from any documentation of the APIs. > > > > I searched through the package, but couldn?t find anything about? > > the perl API. > > > > If anybody has at least a API-description or a > > recent pod/manpage where the API and its methodes are descripted it? > > would save my day. > > > > Thanks a lot, > > Bo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/netflow-tools/attachments/20080911/6f0a1d32/attachment.html